VYPR

Vendor CVEs

FreeBSD

All CVEs

558 total · sorted by risk
  • CVE-2002-0666Nov 4, 2002
    risk 0.00cvss epss 0.02

    IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in…

  • CVE-2002-0973Sep 24, 2002
    risk 0.00cvss epss 0.00

    Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl.

  • CVE-2002-0794Aug 12, 2002
    risk 0.00cvss epss 0.02

    The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts,…

  • CVE-2002-0761Aug 12, 2002
    risk 0.00cvss epss 0.00

    bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

  • CVE-2002-0830Aug 12, 2002
    risk 0.00cvss epss 0.02

    Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous…

  • CVE-2002-0754Aug 12, 2002
    risk 0.00cvss epss 0.00

    Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

  • CVE-2002-0820Aug 12, 2002
    risk 0.00cvss epss 0.00

    FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify…

  • CVE-2002-0759Aug 12, 2002
    risk 0.00cvss epss 0.01

    bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to…

  • CVE-2002-0518Aug 12, 2002
    risk 0.00cvss epss 0.02

    The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options,…

  • CVE-2002-0829Aug 12, 2002
    risk 0.00cvss epss 0.00

    Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.

  • CVE-2002-0831Aug 12, 2002
    risk 0.00cvss epss 0.00

    The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.

  • CVE-2002-0755Aug 12, 2002
    risk 0.00cvss epss 0.00

    Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.

  • CVE-2002-0414Aug 12, 2002
    risk 0.00cvss epss 0.01

    KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4…

  • CVE-2002-0795Aug 12, 2002
    risk 0.00cvss epss 0.00

    The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.

  • CVE-2002-0701Jul 23, 2002
    risk 0.00cvss epss 0.00

    ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra…

  • CVE-2002-0574Jul 3, 2002
    risk 0.00cvss epss 0.02

    Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being…

  • CVE-2002-0381Jun 25, 2002
    risk 0.00cvss epss 0.02

    The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

  • CVE-2002-0062Mar 8, 2002
    risk 0.00cvss epss 0.00

    Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

  • CVE-2001-0796Dec 6, 2001
    risk 0.00cvss epss 0.02

    SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.

  • CVE-2001-1034Sep 23, 2001
    risk 0.00cvss epss 0.00

    Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.

  • CVE-2001-0710Sep 20, 2001
    risk 0.00cvss epss 0.02

    NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.

  • CVE-2001-1017Sep 4, 2001
    risk 0.00cvss epss 0.00

    rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and…

  • CVE-2001-0969Aug 31, 2001
    risk 0.00cvss epss 0.02

    ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.

  • CVE-2000-1197Aug 31, 2001
    risk 0.00cvss epss 0.00

    POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.

  • CVE-2001-1166Aug 21, 2001
    risk 0.00cvss epss 0.01

    linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.

  • CVE-2001-1145Aug 17, 2001
    risk 0.00cvss epss 0.00

    fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on…

  • CVE-2001-1180Jul 10, 2001
    risk 0.00cvss epss 0.01

    FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.

  • CVE-2001-1244Jul 7, 2001
    risk 0.00cvss epss 0.35

    Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that…

  • CVE-2001-0424Jul 2, 2001
    risk 0.00cvss epss 0.00

    BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.

  • CVE-2001-0439Jul 2, 2001
    risk 0.00cvss epss 0.02

    licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

  • CVE-2001-0469Jun 27, 2001
    risk 0.00cvss epss 0.02

    rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.

  • CVE-2001-0388Jun 27, 2001
    risk 0.00cvss epss 0.03

    time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

  • CVE-2001-0371Jun 18, 2001
    risk 0.00cvss epss 0.00

    Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.

  • CVE-2001-0310Jun 2, 2001
    risk 0.00cvss epss 0.00

    sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.

  • CVE-2001-0230Jun 2, 2001
    risk 0.00cvss epss 0.00

    Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.

  • CVE-2001-0196May 3, 2001
    risk 0.00cvss epss 0.02

    inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.

  • CVE-2001-0235Mar 26, 2001
    risk 0.00cvss epss 0.00

    Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

  • CVE-2001-0128Mar 12, 2001
    risk 0.00cvss epss 0.00

    Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

  • CVE-2000-0375Mar 12, 2001
    risk 0.00cvss epss 0.00

    The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.

  • CVE-2000-0890Feb 16, 2001
    risk 0.00cvss epss 0.00

    periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-0062Feb 12, 2001
    risk 0.00cvss epss 0.00

    procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.

  • CVE-2001-0061Feb 12, 2001
    risk 0.00cvss epss 0.00

    procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains…

  • CVE-2001-0063Feb 12, 2001
    risk 0.00cvss epss 0.00

    procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.

  • CVE-2001-0094Feb 12, 2001
    risk 0.00cvss epss 0.00

    Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.

  • CVE-2000-1167Jan 9, 2001
    risk 0.00cvss epss 0.02

    ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

  • CVE-2000-1184Jan 9, 2001
    risk 0.00cvss epss 0.02

    telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.

  • CVE-2000-0963Dec 19, 2000
    risk 0.00cvss epss 0.01

    Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

  • CVE-2000-0915Dec 19, 2000
    risk 0.00cvss epss 0.02

    fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.

  • CVE-2000-1012Dec 11, 2000
    risk 0.00cvss epss 0.00

    The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

  • CVE-2000-1066Dec 11, 2000
    risk 0.00cvss epss 0.02

    The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.

Page 10 of 12